Demo description

Generated on Mon, 24 Mar 2025 22:17:35

ZAP Version: 2.16.0

ZAP by Checkmarx

Summary of Alerts

Risk Level Number of Alerts
High 0
Medium 3
Low 3
False Positives: 0

Passing Rules

Name Rule Type Threshold Strength
Directory Browsing Active MEDIUM MEDIUM
CRLF Injection Active MEDIUM MEDIUM
Path Traversal Active MEDIUM MEDIUM
Remote File Inclusion Active MEDIUM MEDIUM
Parameter Tampering Active MEDIUM MEDIUM
Server Side Include Active MEDIUM MEDIUM
GET for POST Active MEDIUM MEDIUM
Cross Site Scripting (Reflected) Active MEDIUM MEDIUM
Cross Site Scripting (Persistent) Active MEDIUM MEDIUM
Script Active Scan Rules Active MEDIUM MEDIUM
Cross Site Scripting (Persistent) - Prime Active MEDIUM MEDIUM
Cross Site Scripting (Persistent) - Spider Active MEDIUM MEDIUM
SQL Injection Active MEDIUM MEDIUM
SQL Injection - MySQL Active MEDIUM MEDIUM
SQL Injection - Hypersonic SQL Active MEDIUM MEDIUM
SQL Injection - Oracle Active MEDIUM MEDIUM
SQL Injection - PostgreSQL Active MEDIUM MEDIUM
SQL Injection - SQLite Active MEDIUM MEDIUM
Cross Site Scripting (DOM Based) Active MEDIUM MEDIUM
SQL Injection - MsSQL Active MEDIUM MEDIUM
ELMAH Information Leak Active MEDIUM MEDIUM
Trace.axd Information Leak Active MEDIUM MEDIUM
XSLT Injection Active MEDIUM MEDIUM
.htaccess Information Leak Active MEDIUM MEDIUM
.env Information Leak Active MEDIUM MEDIUM
Server Side Code Injection Active MEDIUM MEDIUM
Advanced SQL Injection Active MEDIUM MEDIUM
XPath Injection Active MEDIUM MEDIUM
Remote OS Command Injection Active MEDIUM MEDIUM
XML External Entity Attack Active MEDIUM MEDIUM
Generic Padding Oracle Active MEDIUM MEDIUM
Spring Actuator Information Leak Active MEDIUM MEDIUM
SOAP Action Spoofing Active MEDIUM MEDIUM
Log4Shell Active MEDIUM MEDIUM
SOAP XML Injection Active MEDIUM MEDIUM
Spring4Shell Active MEDIUM MEDIUM
Heartbleed OpenSSL Vulnerability Active MEDIUM MEDIUM
Buffer Overflow Active MEDIUM MEDIUM
Source Code Disclosure - CVE-2012-1823 Active MEDIUM MEDIUM
Format String Error Active MEDIUM MEDIUM
Server Side Template Injection Active MEDIUM MEDIUM
Remote Code Execution - CVE-2012-1823 Active MEDIUM MEDIUM
Cloud Metadata Potentially Exposed Active MEDIUM MEDIUM
External Redirect Active MEDIUM MEDIUM
Server Side Template Injection (Blind) Active MEDIUM MEDIUM
User Agent Fuzzer Active MEDIUM MEDIUM
Source Code Disclosure - /WEB-INF Folder Active MEDIUM MEDIUM
Session Management Response Identified Passive MEDIUM -
Verification Request Identified Passive MEDIUM -
Private IP Disclosure Passive MEDIUM -
Session ID in URL Rewrite Passive MEDIUM -
Script Served From Malicious Domain (polyfill) Passive MEDIUM -
Insecure JSF ViewState Passive MEDIUM -
Vulnerable JS Library (Powered by Retire.js) Passive MEDIUM -
Charset Mismatch Passive MEDIUM -
Cookie No HttpOnly Flag Passive MEDIUM -
Cookie Without Secure Flag Passive MEDIUM -
Re-examine Cache-control Directives Passive MEDIUM -
Content-Type Header Missing Passive MEDIUM -
Anti-clickjacking Header Passive MEDIUM -
X-Content-Type-Options Header Missing Passive MEDIUM -
Application Error Disclosure Passive MEDIUM -
Information Disclosure - Debug Error Messages Passive MEDIUM -
Information Disclosure - Sensitive Information in URL Passive MEDIUM -
Information Disclosure - Sensitive Information in HTTP Referrer Header Passive MEDIUM -
Information Disclosure - Suspicious Comments Passive MEDIUM -
Open Redirect Passive MEDIUM -
Cookie Poisoning Passive MEDIUM -
User Controllable Charset Passive MEDIUM -
WSDL File Detection Passive MEDIUM -
User Controllable HTML Element Attribute (Potential XSS) Passive MEDIUM -
Loosely Scoped Cookie Passive MEDIUM -
Viewstate Passive MEDIUM -
Directory Browsing Passive MEDIUM -
Heartbleed OpenSSL Vulnerability (Indicative) Passive MEDIUM -
HTTP Server Response Header Passive MEDIUM -
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) Passive MEDIUM -
X-Backend-Server Header Information Leak Passive MEDIUM -
Secure Pages Include Mixed Content Passive MEDIUM -
HTTP to HTTPS Insecure Transition in Form Post Passive MEDIUM -
HTTPS to HTTP Insecure Transition in Form Post Passive MEDIUM -
User Controllable JavaScript Event (XSS) Passive MEDIUM -
Big Redirect Detected (Potential Sensitive Information Leak) Passive MEDIUM -
Retrieved from Cache Passive MEDIUM -
X-ChromeLogger-Data (XCOLD) Header Information Leak Passive MEDIUM -
Cookie without SameSite Attribute Passive MEDIUM -
CSP Passive MEDIUM -
X-Debug-Token Information Leak Passive MEDIUM -
Username Hash Found Passive MEDIUM -
X-AspNet-Version Response Header Passive MEDIUM -
PII Disclosure Passive MEDIUM -
Script Passive Scan Rules Passive MEDIUM -
Stats Passive Scan Rule Passive MEDIUM -
Absence of Anti-CSRF Tokens Passive MEDIUM -
Hash Disclosure Passive MEDIUM -
Weak Authentication Method Passive MEDIUM -
Reverse Tabnabbing Passive MEDIUM -
Modern Web Application Passive MEDIUM -
Authentication Request Identified Passive MEDIUM -

Sites

https://juice-shop.herokuapp.com/

HTTP Response Code Number of Responses

No Authentication Statistics Found

Alert Detail

Medium
Content Security Policy (CSP) Header Not Set
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL https://juice-shop.herokuapp.com/
Method GET
Parameter
Attack
Evidence
Request Header - size: 250 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 398 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 375 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 382 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 380 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 380 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 379 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/fileServer.js:39:13
Method GET
Parameter
Attack
Evidence
Request Header - size: 344 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/fileServer.js:55:18
Method GET
Parameter
Attack
Evidence
Request Header - size: 345 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 354 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 359 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 356 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 436 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 409 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 415 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 420 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 418 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 418 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 417 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:280:10
Method GET
Parameter
Attack
Evidence
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:286:9
Method GET
Parameter
Attack
Evidence
Request Header - size: 358 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:328:13
Method GET
Parameter
Attack
Evidence
Request Header - size: 359 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:365:14
Method GET
Parameter
Attack
Evidence
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:376:14
Method GET
Parameter
Attack
Evidence
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:421:3
Method GET
Parameter
Attack
Evidence
Request Header - size: 367 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/layer.js:95:5
Method GET
Parameter
Attack
Evidence
Request Header - size: 366 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 388 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 393 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 391 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 391 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 390 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 422 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 395 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 401 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 406 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 404 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 404 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 403 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/index.js:145:39
Method GET
Parameter
Attack
Evidence
Request Header - size: 361 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 374 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 379 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 376 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/ftp
Method GET
Parameter
Attack
Evidence
Request Header - size: 307 bytes.
Request Body - size: 0 bytes.
Response Header - size: 842 bytes.
Response Body - size: 12,219 bytes.
URL https://juice-shop.herokuapp.com/ftp/
Method GET
Parameter
Attack
Evidence
Request Header - size: 312 bytes.
Request Body - size: 0 bytes.
Response Header - size: 846 bytes.
Response Body - size: 12,176 bytes.
URL https://juice-shop.herokuapp.com/ftp/coupons_2013.md.bak
Method GET
Parameter
Attack
Evidence
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/eastere.gg
Method GET
Parameter
Attack
Evidence
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/encrypt.pyc
Method GET
Parameter
Attack
Evidence
Request Header - size: 312 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/package.json.bak
Method GET
Parameter
Attack
Evidence
Request Header - size: 317 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine
Method GET
Parameter
Attack
Evidence
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 845 bytes.
Response Body - size: 9,588 bytes.
URL https://juice-shop.herokuapp.com/ftp/suspicious_errors.yml
Method GET
Parameter
Attack
Evidence
Request Header - size: 322 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/sitemap.xml
Method GET
Parameter
Attack
Evidence
Request Header - size: 261 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
Instances 56
Solution
Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
Reference https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
https://www.w3.org/TR/CSP/
https://w3c.github.io/webappsec-csp/
https://web.dev/articles/csp
https://caniuse.com/#feat=contentsecuritypolicy
https://content-security-policy.com/
Tags CWE-693
OWASP_2021_A05
OWASP_2017_A06
CWE Id 693
WASC Id 15
Plugin Id 10038

Medium
Cross-Domain Misconfiguration
Description
Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.
URL https://juice-shop.herokuapp.com/
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 250 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 398 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 375 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/main.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 382 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 380 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/styles.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 380 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 379 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/fileServer.js:39:13
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 344 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/fileServer.js:55:18
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 345 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/main.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 354 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/polyfills.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 359 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/runtime.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/styles.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/vendor.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 356 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 436 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 409 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/main.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 415 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 420 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 418 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/styles.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 418 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 417 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:280:10
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:286:9
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 358 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:328:13
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 359 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:365:14
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:376:14
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:421:3
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 367 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/layer.js:95:5
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 366 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/main.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 388 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/polyfills.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 393 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/runtime.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 391 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/styles.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 391 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/vendor.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 390 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 422 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 395 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/main.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 401 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 406 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 404 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/styles.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 404 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 403 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/index.js:145:39
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 361 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/main.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 374 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/polyfills.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 379 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/runtime.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/styles.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/vendor.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 376 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 322 bytes.
Request Body - size: 0 bytes.
Response Header - size: 960 bytes.
Response Body - size: 15,086 bytes.
URL https://juice-shop.herokuapp.com/ftp
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 307 bytes.
Request Body - size: 0 bytes.
Response Header - size: 842 bytes.
Response Body - size: 12,219 bytes.
URL https://juice-shop.herokuapp.com/ftp/
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 312 bytes.
Request Body - size: 0 bytes.
Response Header - size: 846 bytes.
Response Body - size: 12,176 bytes.
URL https://juice-shop.herokuapp.com/ftp/acquisitions.md
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 316 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 909 bytes.
URL https://juice-shop.herokuapp.com/ftp/announcement_encrypted.md
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 326 bytes.
Request Body - size: 0 bytes.
Response Header - size: 982 bytes.
Response Body - size: 369,237 bytes.
URL https://juice-shop.herokuapp.com/ftp/coupons_2013.md.bak
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/eastere.gg
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/encrypt.pyc
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 312 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/incident-support.kdbx
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 322 bytes.
Request Body - size: 0 bytes.
Response Header - size: 951 bytes.
Response Body - size: 3,246 bytes.
URL https://juice-shop.herokuapp.com/ftp/legal.md
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 309 bytes.
Request Body - size: 0 bytes.
Response Header - size: 978 bytes.
Response Body - size: 3,047 bytes.
URL https://juice-shop.herokuapp.com/ftp/order_5267-737cdc5d0ab0cba9.pdf
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 332 bytes.
Request Body - size: 0 bytes.
Response Header - size: 942 bytes.
Response Body - size: 1,860 bytes.
URL https://juice-shop.herokuapp.com/ftp/package.json.bak
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 317 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 845 bytes.
Response Body - size: 9,588 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_linux_amd_64.url
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 353 bytes.
Request Body - size: 0 bytes.
Response Header - size: 949 bytes.
Response Body - size: 166 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_linux_arm_64.url
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 353 bytes.
Request Body - size: 0 bytes.
Response Header - size: 949 bytes.
Response Body - size: 166 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_macos_64.url
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 349 bytes.
Request Body - size: 0 bytes.
Response Header - size: 949 bytes.
Response Body - size: 162 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_windows_64.exe.url
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 355 bytes.
Request Body - size: 0 bytes.
Response Header - size: 949 bytes.
Response Body - size: 168 bytes.
URL https://juice-shop.herokuapp.com/ftp/suspicious_errors.yml
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 322 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/main.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 301 bytes.
Request Body - size: 0 bytes.
Response Header - size: 987 bytes.
Response Body - size: 459,087 bytes.
URL https://juice-shop.herokuapp.com/polyfills.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 306 bytes.
Request Body - size: 0 bytes.
Response Header - size: 985 bytes.
Response Body - size: 55,492 bytes.
URL https://juice-shop.herokuapp.com/robots.txt
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 260 bytes.
Request Body - size: 0 bytes.
Response Header - size: 882 bytes.
Response Body - size: 28 bytes.
URL https://juice-shop.herokuapp.com/runtime.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 304 bytes.
Request Body - size: 0 bytes.
Response Header - size: 983 bytes.
Response Body - size: 3,315 bytes.
URL https://juice-shop.herokuapp.com/sitemap.xml
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 261 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/styles.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 304 bytes.
Request Body - size: 0 bytes.
Response Header - size: 973 bytes.
Response Body - size: 579,145 bytes.
URL https://juice-shop.herokuapp.com/vendor.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 303 bytes.
Request Body - size: 0 bytes.
Response Header - size: 989 bytes.
Response Body - size: 1,653,829 bytes.
Instances 72
Solution
Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).

Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.
Reference https://vulncat.fortify.com/en/detail?id=desc.config.dotnet.html5_overly_permissive_cors_policy
Tags OWASP_2017_A05
CWE-264
OWASP_2021_A01
CWE Id 264
WASC Id 14
Plugin Id 10098
Medium
Hidden File Found
Description
A sensitive file was identified as accessible or available. This may leak administrative, configuration, or credential information which can be leveraged by a malicious individual to further attack the system or conduct social engineering efforts.
URL https://juice-shop.herokuapp.com/._darcs
Method GET
Parameter
Attack
Evidence HTTP/1.1 200 OK
Request Header - size: 257 bytes.
Request Body - size: 0 bytes.
Response Header - size: 973 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/.bzr
Method GET
Parameter
Attack
Evidence HTTP/1.1 200 OK
Request Header - size: 254 bytes.
Request Body - size: 0 bytes.
Response Header - size: 973 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/.hg
Method GET
Parameter
Attack
Evidence HTTP/1.1 200 OK
Request Header - size: 253 bytes.
Request Body - size: 0 bytes.
Response Header - size: 973 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/BitKeeper
Method GET
Parameter
Attack
Evidence HTTP/1.1 200 OK
Request Header - size: 259 bytes.
Request Body - size: 0 bytes.
Response Header - size: 973 bytes.
Response Body - size: 71,432 bytes.
Instances 4
Solution
Consider whether or not the component is actually required in production; if it isn't, disable it. If it is, ensure that access to it requires appropriate authentication and authorization, or limit exposure to internal systems or specific source IPs, etc.
Reference https://blog.hboeck.de/archives/892-Introducing-Snallygaster-a-Tool-to-Scan-for-Secrets-on-Web-Servers.html
Tags OWASP_2021_A05
OWASP_2017_A06
POLICY_QA_FULL
CWE-538
WSTG-v42-CONF-05
CWE Id 538
WASC Id 13
Plugin Id 40035
Low
Cross-Domain JavaScript Source File Inclusion
Description
The page includes one or more script files from a third-party domain.
URL https://juice-shop.herokuapp.com/
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 250 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 250 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 398 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 398 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 375 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 375 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 382 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 382 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 380 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 380 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 380 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 380 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 379 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 379 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/fileServer.js:39:13
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 344 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/fileServer.js:39:13
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 344 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/fileServer.js:55:18
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 345 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/fileServer.js:55:18
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 345 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 354 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 354 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 359 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 359 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 356 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 356 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 436 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 436 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 409 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 409 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 415 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 415 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 420 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 420 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 418 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 418 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 418 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 418 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 417 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 417 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:280:10
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:280:10
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:286:9
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 358 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:286:9
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 358 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:328:13
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 359 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:328:13
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 359 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:365:14
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:365:14
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:376:14
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:376:14
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:421:3
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 367 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:421:3
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 367 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/layer.js:95:5
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 366 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/layer.js:95:5
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 366 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 388 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 388 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 393 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 393 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 391 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 391 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 391 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 391 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 390 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 390 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 422 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 422 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 395 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 395 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 401 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 401 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 406 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 406 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 404 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 404 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 404 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 404 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 403 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 403 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/index.js:145:39
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 361 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/index.js:145:39
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 361 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 374 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 374 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 379 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 379 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 376 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 376 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/sitemap.xml
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 261 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/sitemap.xml
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 261 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
Instances 96
Solution
Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
Reference
Tags OWASP_2021_A08
CWE-829
CWE Id 829
WASC Id 15
Plugin Id 10017
Low
Strict-Transport-Security Header Not Set
Description
HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.
URL https://juice-shop.herokuapp.com/
Method GET
Parameter
Attack
Evidence
Request Header - size: 250 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 398 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 375 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 382 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 380 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 380 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 379 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/fileServer.js:39:13
Method GET
Parameter
Attack
Evidence
Request Header - size: 344 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/fileServer.js:55:18
Method GET
Parameter
Attack
Evidence
Request Header - size: 345 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 354 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 359 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 356 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 436 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 409 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 415 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 420 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 418 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 418 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 417 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:280:10
Method GET
Parameter
Attack
Evidence
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:286:9
Method GET
Parameter
Attack
Evidence
Request Header - size: 358 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:328:13
Method GET
Parameter
Attack
Evidence
Request Header - size: 359 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:365:14
Method GET
Parameter
Attack
Evidence
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:376:14
Method GET
Parameter
Attack
Evidence
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:421:3
Method GET
Parameter
Attack
Evidence
Request Header - size: 367 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/layer.js:95:5
Method GET
Parameter
Attack
Evidence
Request Header - size: 366 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 388 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 393 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 391 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 391 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 390 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 422 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 395 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 401 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 406 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 404 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 404 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 403 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/index.js:145:39
Method GET
Parameter
Attack
Evidence
Request Header - size: 361 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 374 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 379 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 376 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 322 bytes.
Request Body - size: 0 bytes.
Response Header - size: 960 bytes.
Response Body - size: 15,086 bytes.
URL https://juice-shop.herokuapp.com/ftp
Method GET
Parameter
Attack
Evidence
Request Header - size: 307 bytes.
Request Body - size: 0 bytes.
Response Header - size: 842 bytes.
Response Body - size: 12,219 bytes.
URL https://juice-shop.herokuapp.com/ftp/
Method GET
Parameter
Attack
Evidence
Request Header - size: 312 bytes.
Request Body - size: 0 bytes.
Response Header - size: 846 bytes.
Response Body - size: 12,176 bytes.
URL https://juice-shop.herokuapp.com/ftp/acquisitions.md
Method GET
Parameter
Attack
Evidence
Request Header - size: 316 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 909 bytes.
URL https://juice-shop.herokuapp.com/ftp/announcement_encrypted.md
Method GET
Parameter
Attack
Evidence
Request Header - size: 326 bytes.
Request Body - size: 0 bytes.
Response Header - size: 982 bytes.
Response Body - size: 369,237 bytes.
URL https://juice-shop.herokuapp.com/ftp/coupons_2013.md.bak
Method GET
Parameter
Attack
Evidence
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/eastere.gg
Method GET
Parameter
Attack
Evidence
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/encrypt.pyc
Method GET
Parameter
Attack
Evidence
Request Header - size: 312 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/incident-support.kdbx
Method GET
Parameter
Attack
Evidence
Request Header - size: 322 bytes.
Request Body - size: 0 bytes.
Response Header - size: 951 bytes.
Response Body - size: 3,246 bytes.
URL https://juice-shop.herokuapp.com/ftp/legal.md
Method GET
Parameter
Attack
Evidence
Request Header - size: 309 bytes.
Request Body - size: 0 bytes.
Response Header - size: 978 bytes.
Response Body - size: 3,047 bytes.
URL https://juice-shop.herokuapp.com/ftp/order_5267-737cdc5d0ab0cba9.pdf
Method GET
Parameter
Attack
Evidence
Request Header - size: 332 bytes.
Request Body - size: 0 bytes.
Response Header - size: 942 bytes.
Response Body - size: 1,860 bytes.
URL https://juice-shop.herokuapp.com/ftp/package.json.bak
Method GET
Parameter
Attack
Evidence
Request Header - size: 317 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine
Method GET
Parameter
Attack
Evidence
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 845 bytes.
Response Body - size: 9,588 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_linux_amd_64.url
Method GET
Parameter
Attack
Evidence
Request Header - size: 353 bytes.
Request Body - size: 0 bytes.
Response Header - size: 949 bytes.
Response Body - size: 166 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_linux_arm_64.url
Method GET
Parameter
Attack
Evidence
Request Header - size: 353 bytes.
Request Body - size: 0 bytes.
Response Header - size: 949 bytes.
Response Body - size: 166 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_macos_64.url
Method GET
Parameter
Attack
Evidence
Request Header - size: 349 bytes.
Request Body - size: 0 bytes.
Response Header - size: 949 bytes.
Response Body - size: 162 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_windows_64.exe.url
Method GET
Parameter
Attack
Evidence
Request Header - size: 355 bytes.
Request Body - size: 0 bytes.
Response Header - size: 949 bytes.
Response Body - size: 168 bytes.
URL https://juice-shop.herokuapp.com/ftp/suspicious_errors.yml
Method GET
Parameter
Attack
Evidence
Request Header - size: 322 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 301 bytes.
Request Body - size: 0 bytes.
Response Header - size: 987 bytes.
Response Body - size: 459,087 bytes.
URL https://juice-shop.herokuapp.com/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 306 bytes.
Request Body - size: 0 bytes.
Response Header - size: 985 bytes.
Response Body - size: 55,492 bytes.
URL https://juice-shop.herokuapp.com/robots.txt
Method GET
Parameter
Attack
Evidence
Request Header - size: 260 bytes.
Request Body - size: 0 bytes.
Response Header - size: 882 bytes.
Response Body - size: 28 bytes.
URL https://juice-shop.herokuapp.com/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 304 bytes.
Request Body - size: 0 bytes.
Response Header - size: 983 bytes.
Response Body - size: 3,315 bytes.
URL https://juice-shop.herokuapp.com/sitemap.xml
Method GET
Parameter
Attack
Evidence
Request Header - size: 261 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 304 bytes.
Request Body - size: 0 bytes.
Response Header - size: 973 bytes.
Response Body - size: 579,145 bytes.
URL https://juice-shop.herokuapp.com/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 303 bytes.
Request Body - size: 0 bytes.
Response Header - size: 989 bytes.
Response Body - size: 1,653,829 bytes.
Instances 72
Solution
Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.
Reference https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html
https://owasp.org/www-community/Security_Headers
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
https://caniuse.com/stricttransportsecurity
https://datatracker.ietf.org/doc/html/rfc6797
Tags OWASP_2021_A05
OWASP_2017_A06
CWE-319
CWE Id 319
WASC Id 15
Plugin Id 10035
Low
Timestamp Disclosure - Unix
Description
A timestamp was disclosed by the application/web server. - Unix
URL https://juice-shop.herokuapp.com/
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832623
Request Header - size: 250 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833714
Request Header - size: 250 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/assets/public/favicon_js.ico
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832633
Request Header - size: 398 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/assets/public/favicon_js.ico
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833727
Request Header - size: 398 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/favicon_js.ico
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832632
Request Header - size: 375 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/favicon_js.ico
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833724
Request Header - size: 375 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/main.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832634
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/main.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833727
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/polyfills.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832634
Request Header - size: 382 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/polyfills.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833727
Request Header - size: 382 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/runtime.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832633
Request Header - size: 380 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/runtime.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833727
Request Header - size: 380 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/styles.css
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832633
Request Header - size: 380 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/styles.css
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833728
Request Header - size: 380 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/vendor.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832634
Request Header - size: 379 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/assets/public/vendor.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833729
Request Header - size: 379 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/fileServer.js:39:13
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 344 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/fileServer.js:39:13
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833722
Request Header - size: 345 bytes.
Request Body - size: 0 bytes.
Response Header - size: 973 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/fileServer.js:55:18
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832632
Request Header - size: 345 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/fileServer.js:55:18
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833721
Request Header - size: 353 bytes.
Request Body - size: 0 bytes.
Response Header - size: 973 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/main.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832632
Request Header - size: 354 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/main.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833725
Request Header - size: 354 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/polyfills.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832632
Request Header - size: 359 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/polyfills.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833726
Request Header - size: 359 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/runtime.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832632
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/runtime.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833725
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/styles.css
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832632
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/styles.css
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833724
Request Header - size: 357 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/vendor.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832632
Request Header - size: 356 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/build/routes/vendor.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833724
Request Header - size: 356 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/assets/public/favicon_js.ico
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832633
Request Header - size: 436 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/assets/public/favicon_js.ico
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833728
Request Header - size: 436 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/favicon_js.ico
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832632
Request Header - size: 409 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/favicon_js.ico
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833725
Request Header - size: 409 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/main.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832634
Request Header - size: 415 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/main.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833728
Request Header - size: 415 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/polyfills.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832634
Request Header - size: 420 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/polyfills.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833730
Request Header - size: 420 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/runtime.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832634
Request Header - size: 418 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/runtime.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833728
Request Header - size: 418 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/styles.css
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832633
Request Header - size: 418 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/styles.css
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833728
Request Header - size: 418 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/vendor.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832634
Request Header - size: 417 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/assets/public/vendor.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833728
Request Header - size: 417 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:280:10
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832632
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:280:10
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833723
Request Header - size: 360 bytes.
Request Body - size: 0 bytes.
Response Header - size: 973 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:286:9
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832632
Request Header - size: 358 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:286:9
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833723
Request Header - size: 358 bytes.
Request Body - size: 0 bytes.
Response Header - size: 973 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:328:13
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 359 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:328:13
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833722
Request Header - size: 360 bytes.
Request Body - size: 0 bytes.
Response Header - size: 973 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:365:14
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:365:14
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833724
Request Header - size: 360 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:376:14
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:376:14
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833724
Request Header - size: 368 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:421:3
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 367 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/index.js:421:3
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833723
Request Header - size: 359 bytes.
Request Body - size: 0 bytes.
Response Header - size: 973 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/layer.js:95:5
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 366 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/layer.js:95:5
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833722
Request Header - size: 366 bytes.
Request Body - size: 0 bytes.
Response Header - size: 973 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/main.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832633
Request Header - size: 388 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/main.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833728
Request Header - size: 388 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/polyfills.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832633
Request Header - size: 393 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/polyfills.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833726
Request Header - size: 393 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/runtime.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832633
Request Header - size: 391 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/runtime.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833726
Request Header - size: 391 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/styles.css
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832632
Request Header - size: 391 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/styles.css
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833725
Request Header - size: 391 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/vendor.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832633
Request Header - size: 390 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/express/lib/router/vendor.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833726
Request Header - size: 390 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/assets/public/favicon_js.ico
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832634
Request Header - size: 422 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/assets/public/favicon_js.ico
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833729
Request Header - size: 422 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/favicon_js.ico
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832633
Request Header - size: 395 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/favicon_js.ico
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833726
Request Header - size: 395 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/main.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832634
Request Header - size: 401 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/main.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833729
Request Header - size: 401 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/polyfills.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832634
Request Header - size: 406 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/polyfills.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833729
Request Header - size: 406 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/runtime.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832634
Request Header - size: 404 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/runtime.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833729
Request Header - size: 404 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/styles.css
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832634
Request Header - size: 404 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/styles.css
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833735
Request Header - size: 404 bytes.
Request Body - size: 0 bytes.
Response Header - size: 985 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/vendor.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832634
Request Header - size: 403 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/assets/public/vendor.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833729
Request Header - size: 403 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/index.js:145:39
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832632
Request Header - size: 361 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/index.js:145:39
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833724
Request Header - size: 353 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/main.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832633
Request Header - size: 374 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/main.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833727
Request Header - size: 374 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/polyfills.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832633
Request Header - size: 379 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/polyfills.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833727
Request Header - size: 379 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/runtime.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832633
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/runtime.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833726
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/styles.css
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832633
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/styles.css
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833726
Request Header - size: 377 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/vendor.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832633
Request Header - size: 376 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/app/node_modules/serve-index/vendor.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833727
Request Header - size: 376 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/assets/public/favicon_js.ico
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832624
Request Header - size: 322 bytes.
Request Body - size: 0 bytes.
Response Header - size: 960 bytes.
Response Body - size: 15,086 bytes.
URL https://juice-shop.herokuapp.com/assets/public/favicon_js.ico
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833715
Request Header - size: 322 bytes.
Request Body - size: 0 bytes.
Response Header - size: 968 bytes.
Response Body - size: 15,086 bytes.
URL https://juice-shop.herokuapp.com/ftp
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832624
Request Header - size: 307 bytes.
Request Body - size: 0 bytes.
Response Header - size: 842 bytes.
Response Body - size: 12,219 bytes.
URL https://juice-shop.herokuapp.com/ftp
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833715
Request Header - size: 307 bytes.
Request Body - size: 0 bytes.
Response Header - size: 850 bytes.
Response Body - size: 12,219 bytes.
URL https://juice-shop.herokuapp.com/ftp/
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832637
Request Header - size: 312 bytes.
Request Body - size: 0 bytes.
Response Header - size: 846 bytes.
Response Body - size: 12,176 bytes.
URL https://juice-shop.herokuapp.com/ftp/
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833732
Request Header - size: 312 bytes.
Request Body - size: 0 bytes.
Response Header - size: 846 bytes.
Response Body - size: 12,176 bytes.
URL https://juice-shop.herokuapp.com/ftp/acquisitions.md
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 316 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 909 bytes.
URL https://juice-shop.herokuapp.com/ftp/acquisitions.md
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833721
Request Header - size: 316 bytes.
Request Body - size: 0 bytes.
Response Header - size: 973 bytes.
Response Body - size: 909 bytes.
URL https://juice-shop.herokuapp.com/ftp/announcement_encrypted.md
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 326 bytes.
Request Body - size: 0 bytes.
Response Header - size: 982 bytes.
Response Body - size: 369,237 bytes.
URL https://juice-shop.herokuapp.com/ftp/announcement_encrypted.md
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833721
Request Header - size: 326 bytes.
Request Body - size: 0 bytes.
Response Header - size: 978 bytes.
Response Body - size: 369,237 bytes.
URL https://juice-shop.herokuapp.com/ftp/coupons_2013.md.bak
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/coupons_2013.md.bak
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833721
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 848 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/eastere.gg
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/eastere.gg
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833721
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 848 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/encrypt.pyc
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 312 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/encrypt.pyc
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833721
Request Header - size: 312 bytes.
Request Body - size: 0 bytes.
Response Header - size: 848 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/incident-support.kdbx
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 322 bytes.
Request Body - size: 0 bytes.
Response Header - size: 951 bytes.
Response Body - size: 3,246 bytes.
URL https://juice-shop.herokuapp.com/ftp/incident-support.kdbx
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833722
Request Header - size: 322 bytes.
Request Body - size: 0 bytes.
Response Header - size: 947 bytes.
Response Body - size: 3,246 bytes.
URL https://juice-shop.herokuapp.com/ftp/legal.md
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 309 bytes.
Request Body - size: 0 bytes.
Response Header - size: 978 bytes.
Response Body - size: 3,047 bytes.
URL https://juice-shop.herokuapp.com/ftp/legal.md
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833722
Request Header - size: 309 bytes.
Request Body - size: 0 bytes.
Response Header - size: 974 bytes.
Response Body - size: 3,047 bytes.
URL https://juice-shop.herokuapp.com/ftp/order_5267-737cdc5d0ab0cba9.pdf
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 332 bytes.
Request Body - size: 0 bytes.
Response Header - size: 942 bytes.
Response Body - size: 1,860 bytes.
URL https://juice-shop.herokuapp.com/ftp/order_5267-737cdc5d0ab0cba9.pdf
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833721
Request Header - size: 332 bytes.
Request Body - size: 0 bytes.
Response Header - size: 938 bytes.
Response Body - size: 1,860 bytes.
URL https://juice-shop.herokuapp.com/ftp/package.json.bak
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 317 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/package.json.bak
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833721
Request Header - size: 317 bytes.
Request Body - size: 0 bytes.
Response Header - size: 848 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 845 bytes.
Response Body - size: 9,588 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833721
Request Header - size: 311 bytes.
Request Body - size: 0 bytes.
Response Header - size: 841 bytes.
Response Body - size: 9,588 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_linux_amd_64.url
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832637
Request Header - size: 353 bytes.
Request Body - size: 0 bytes.
Response Header - size: 949 bytes.
Response Body - size: 166 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_linux_amd_64.url
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833732
Request Header - size: 353 bytes.
Request Body - size: 0 bytes.
Response Header - size: 949 bytes.
Response Body - size: 166 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_linux_arm_64.url
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832637
Request Header - size: 353 bytes.
Request Body - size: 0 bytes.
Response Header - size: 949 bytes.
Response Body - size: 166 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_linux_arm_64.url
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833731
Request Header - size: 353 bytes.
Request Body - size: 0 bytes.
Response Header - size: 945 bytes.
Response Body - size: 166 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_macos_64.url
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832637
Request Header - size: 349 bytes.
Request Body - size: 0 bytes.
Response Header - size: 949 bytes.
Response Body - size: 162 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_macos_64.url
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833731
Request Header - size: 349 bytes.
Request Body - size: 0 bytes.
Response Header - size: 945 bytes.
Response Body - size: 162 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_windows_64.exe.url
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832637
Request Header - size: 355 bytes.
Request Body - size: 0 bytes.
Response Header - size: 949 bytes.
Response Body - size: 168 bytes.
URL https://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_windows_64.exe.url
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833732
Request Header - size: 355 bytes.
Request Body - size: 0 bytes.
Response Header - size: 949 bytes.
Response Body - size: 168 bytes.
URL https://juice-shop.herokuapp.com/ftp/suspicious_errors.yml
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832631
Request Header - size: 322 bytes.
Request Body - size: 0 bytes.
Response Header - size: 852 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/ftp/suspicious_errors.yml
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833721
Request Header - size: 322 bytes.
Request Body - size: 0 bytes.
Response Header - size: 848 bytes.
Response Body - size: 1,866 bytes.
URL https://juice-shop.herokuapp.com/main.js
Method GET
Parameter
Attack
Evidence 1734944650
Request Header - size: 301 bytes.
Request Body - size: 0 bytes.
Response Header - size: 987 bytes.
Response Body - size: 459,087 bytes.
URL https://juice-shop.herokuapp.com/main.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832624
Request Header - size: 301 bytes.
Request Body - size: 0 bytes.
Response Header - size: 987 bytes.
Response Body - size: 459,087 bytes.
URL https://juice-shop.herokuapp.com/main.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833715
Request Header - size: 312 bytes.
Request Body - size: 0 bytes.
Response Header - size: 995 bytes.
Response Body - size: 459,087 bytes.
URL https://juice-shop.herokuapp.com/polyfills.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832624
Request Header - size: 306 bytes.
Request Body - size: 0 bytes.
Response Header - size: 985 bytes.
Response Body - size: 55,492 bytes.
URL https://juice-shop.herokuapp.com/polyfills.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833716
Request Header - size: 317 bytes.
Request Body - size: 0 bytes.
Response Header - size: 989 bytes.
Response Body - size: 55,492 bytes.
URL https://juice-shop.herokuapp.com/robots.txt
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832624
Request Header - size: 260 bytes.
Request Body - size: 0 bytes.
Response Header - size: 882 bytes.
Response Body - size: 28 bytes.
URL https://juice-shop.herokuapp.com/robots.txt
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833714
Request Header - size: 260 bytes.
Request Body - size: 0 bytes.
Response Header - size: 890 bytes.
Response Body - size: 28 bytes.
URL https://juice-shop.herokuapp.com/runtime.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832624
Request Header - size: 304 bytes.
Request Body - size: 0 bytes.
Response Header - size: 983 bytes.
Response Body - size: 3,315 bytes.
URL https://juice-shop.herokuapp.com/runtime.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833716
Request Header - size: 304 bytes.
Request Body - size: 0 bytes.
Response Header - size: 987 bytes.
Response Body - size: 3,315 bytes.
URL https://juice-shop.herokuapp.com/sitemap.xml
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832623
Request Header - size: 261 bytes.
Request Body - size: 0 bytes.
Response Header - size: 977 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/sitemap.xml
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833714
Request Header - size: 261 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 71,432 bytes.
URL https://juice-shop.herokuapp.com/styles.css
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832624
Request Header - size: 304 bytes.
Request Body - size: 0 bytes.
Response Header - size: 973 bytes.
Response Body - size: 579,145 bytes.
URL https://juice-shop.herokuapp.com/styles.css
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833715
Request Header - size: 304 bytes.
Request Body - size: 0 bytes.
Response Header - size: 981 bytes.
Response Body - size: 579,145 bytes.
URL https://juice-shop.herokuapp.com/vendor.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742832624
Request Header - size: 303 bytes.
Request Body - size: 0 bytes.
Response Header - size: 989 bytes.
Response Body - size: 1,653,829 bytes.
URL https://juice-shop.herokuapp.com/vendor.js
Method GET
Parameter Reporting-Endpoints
Attack
Evidence 1742833715
Request Header - size: 303 bytes.
Request Body - size: 0 bytes.
Response Header - size: 997 bytes.
Response Body - size: 1,653,829 bytes.
Instances 145
Solution
Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.
Reference https://cwe.mitre.org/data/definitions/200.html
Tags OWASP_2021_A01, OWASP_2017_A03, CWE-497
CWE Id 497
WASC Id 13
Plugin Id 10096